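I use this function when I am inserting data into a MySQL database. It ensures that the data entered is inserted in a safe manner. It escapes a single value for use inside a quoted string in the query; it is not meant to be applied to a complete SQL statement.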

<?php 
//Takes the data and returns the escaped data
/**
 * Escape one value so it can be placed inside a quoted string literal
 * in a MySQL statement.
 *
 * When the magic_quotes_gpc ini setting is on, the slashes it added are
 * stripped first so the value is not escaped twice. The value is then
 * escaped with mysql_real_escape_string() against the global link $dbc.
 *
 * Security notes:
 *  - The result is only safe between quotes ('...') in the query. It does
 *    not protect unquoted numeric contexts, identifiers or keywords.
 *  - Pass individual values, never a whole SQL statement: escaping a
 *    statement also escapes the quotes that delimit its literals.
 *  - mysql_real_escape_string() honours the connection character set, so
 *    that should be set with mysql_set_charset() on the same link.
 *  - The mysql_* extension was removed in PHP 7.0 and magic_quotes_gpc in
 *    PHP 5.4; on current PHP use prepared statements (mysqli or PDO).
 *
 * @param string $data Raw value to escape.
 * @return string|false Escaped value, or false if escaping fails.
 */
function escData ($data) {
   // $dbc is expected to be the open MySQL link created elsewhere in the script.
   global $dbc;
   $unslashed = ini_get('magic_quotes_gpc') ? stripslashes($data) : $data;
   return mysql_real_escape_string($unslashed, $dbc);
}

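// Escape the VALUE before it is interpolated, not the finished statement.
// Running escData() over the whole query leaves $someValue unescaped at the
// point where it is interpolated and then backslash-escapes the quotes that
// delimit the literal, so the statement is both injectable and malformed.
$safeValue = escData($someValue);

// The escaped value must stay inside the single quotes: the escaping is only
// valid in a quoted string context.
$sql = "INSERT INTO `tableName` (`name`) VALUES ('$safeValue')";

// Run the query on the same link that escData() escaped for, because the
// escaping depends on that connection's character set.
$insert = mysql_query($sql, $dbc);

// NOTE(review): the mysql_* extension was removed in PHP 7.0. On current PHP,
// replace this with a prepared statement (mysqli or PDO) and bind $someValue
// as a parameter instead of building the SQL string by hand.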
?>